The breach marked one of the worst national security leaks since former National Security Agency contractor Edward Snowden provided batches of sensitive documents from the agency to the news media in 2013.

The New York Times reported on Tuesday that Schulte is a suspect in the leak, according to public court documents. Prosecutors, the Times also reports, plan to file a new indictment against Schulte that pertains to the leak within 45 days.

FBI Seizes Equipment

Schulte, according to his LinkedIn profile, worked as a systems engineer specializing in high-speed passive signals intelligence for the NSA in 2010. Later that year, he joined the CIA as a software engineer supporting clandestine operations, staying there through 2016.

The FBI executed a search warrant at Schulte's New York residence on March 13, 2017, seizing computers and servers containing at least 10 terabytes of data, some of which was encrypted.

But prosecutors have not yet charged Schulte with leaking any national security information. Court documents show that his lawyers have requested updates on the potential national security angle to his case.

Instead, Schulte was charged last August with three counts of receipt, possession and transportation of child pornography. According to an FBI affidavit, investigators obtained passwords from Schulte's phone and decrypted a 54 GB file stored on a virtual machine that allegedly contained 10,000 offensive images and videos.

In court documents, Schulte's attorney argued that numerous other people had access to the server and passwords for accessing it. The server was set up by Schulte in 2009 with an encrypted VeraCrypt volume, allegedly to host gaming and other applications.

But the FBI cited IRC chats between Schulte and others in which he allegedly indicated that he knew about the types of illegal material that were being stored on his server.

Schulte was released on bail last September, contingent on his not using a computer. In December 2017, however, he was again detained after allegedly violating his bail conditions.

"The fact that the defendant is ... using Tor from his apartment, when he was explicitly told not to use the internet, is extremely troubling."

At a Jan. 8 hearing, Schulte's attorneys argued that they did not contest his detention, based on their understanding that Schulte would be sent to Virginia, pursuant to a warrant.

"None of that happened," said Jacob Kaplan, one of Schulte's attorneys, according to a court transcript. "Virginia never came to get him. Virginia just didn't do anything in this case."

Schulte Violates His Bail Conditions

It's unclear why Schulte has yet to be charged in relation to his alleged involvement in the leaked Vault 7 material. Within 45 days, however, prosecutors plan to file a new indictment, the Times reports. Early court documents filed in Schulte's case referred to documents found on his computer that may have included classified information.

But at Schulte's January detention hearing, Kaplan signaled his and his client's frustration with the investigation. "In April or May of 2017, the government had full access to his computers and his phone, and they found the child pornography in this case, but what they didn't find was any connection to the WikiLeaks investigation," Kaplan said.

At the same hearing, prosecutors argued that Schulte should be returned to custody because federal monitoring showed his Gmail account had been accessed. Kaplan argued that Schulte's roommate was actually accessing the account, but the government argued that such a course of action was still forbidden. Kaplan had been living with his cousin in New York.

Assistant U.S. Attorney Matthew J. Laroche contended that either Schulte or his cousin were also using Tor, the anonymizing browser that offers more privacy when browsing the internet, conducting online chats or transferring data.

Part of the Vault 7 investigation includes "analyzing whether and to what extent Tor was used in transmitting classified information," Laroche said. "So the fact that the defendant is now, while on pretrial release, using Tor from his apartment, when he was explicitly told not to use the internet, is extremely troubling and suggests that he did willfully violate his bail conditions."

Tor, which is short for The Onion Router, routes data through a network of random proxies around the world, making the origin of data traffic difficult to trace. Many media companies have set up systems that use Tor to enable people to more safely send tips or share information without being traced.

Schulte's January court hearing also revealed that he may face felony state charges in Loudoun County, Virginia, for sexual assault. Photos of the assault - some of which included Schulte's hands - were allegedly found on Schulte's phone, Laroche said at the hearing.

A Wednesday online search of Loudoun County Circuit Court records did not turn up any active case, at least yet, that names Schulte.

About the Author

Kirk is a veteran journalist who has reported from more than a dozen countries. Based in Sydney, he is Managing Editor for Security and Technology for Information Security Media Group. Prior to ISMG, he worked from London and Sydney covering computer security and privacy for International Data Group. Further back, he covered military affairs from Seoul, South Korea, and general assignment news for his hometown paper in Illinois.

Operation Success!

Risk Management Framework: Learn from NIST

From heightened risks to increased regulations, senior leaders at all levels are pressured to
improve their organizations' risk management capabilities. But no one is showing them how -
until now.

Learn the fundamentals of developing a risk management program from the man who wrote the book
on the topic: Ron Ross, computer scientist for the National Institute of Standards and
Technology. In an exclusive presentation, Ross, lead author of NIST Special Publication 800-37
- the bible of risk assessment and management - will share his unique insights on how to:

Understand the current cyber threats to all public and private sector organizations;

Develop a multi-tiered risk management approach built upon governance, processes and
information systems;